minio/cmd/crypto/header.go

// MinIO Cloud Storage, (C) 2015, 2016, 2017, 2018 MinIO, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//    http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package crypto

import (
	"bytes"
	"crypto/md5"
	"encoding/base64"
	"net/http"

	xhttp "github.com/minio/minio/cmd/http"
)

// RemoveSensitiveHeaders removes confidential encryption
// information - e.g. the SSE-C key - from the HTTP headers.
// It has the same semantics as RemoveSensitiveEntires.
func RemoveSensitiveHeaders(h http.Header) {
	h.Del(xhttp.AmzServerSideEncryptionCustomerKey)
	h.Del(xhttp.AmzServerSideEncryptionCopyCustomerKey)
	h.Del(xhttp.AmzMetaUnencryptedContentLength)
	h.Del(xhttp.AmzMetaUnencryptedContentMD5)
}

var (
	// SSECopy represents AWS SSE-C for copy requests. It provides
	// functionality to handle SSE-C copy requests.
	SSECopy = ssecCopy{}
)

type ssecCopy struct{}

// IsRequested returns true if the HTTP headers contains
// at least one SSE-C copy header. Regular SSE-C headers
// are ignored.
func (ssecCopy) IsRequested(h http.Header) bool {
	if _, ok := h[xhttp.AmzServerSideEncryptionCopyCustomerAlgorithm]; ok {
		return true
	}
	if _, ok := h[xhttp.AmzServerSideEncryptionCopyCustomerKey]; ok {
		return true
	}
	if _, ok := h[xhttp.AmzServerSideEncryptionCopyCustomerKeyMD5]; ok {
		return true
	}
	return false
}

// ParseHTTP parses the SSE-C copy headers and returns the SSE-C client key
// on success. Regular SSE-C headers are ignored.
func (ssecCopy) ParseHTTP(h http.Header) (key [32]byte, err error) {
	if h.Get(xhttp.AmzServerSideEncryptionCopyCustomerAlgorithm) != xhttp.AmzEncryptionAES {
		return key, ErrInvalidCustomerAlgorithm
	}
	if h.Get(xhttp.AmzServerSideEncryptionCopyCustomerKey) == "" {
		return key, ErrMissingCustomerKey
	}
	if h.Get(xhttp.AmzServerSideEncryptionCopyCustomerKeyMD5) == "" {
		return key, ErrMissingCustomerKeyMD5
	}

	clientKey, err := base64.StdEncoding.DecodeString(h.Get(xhttp.AmzServerSideEncryptionCopyCustomerKey))
	if err != nil || len(clientKey) != 32 { // The client key must be 256 bits long
		return key, ErrInvalidCustomerKey
	}
	keyMD5, err := base64.StdEncoding.DecodeString(h.Get(xhttp.AmzServerSideEncryptionCopyCustomerKeyMD5))
	if md5Sum := md5.Sum(clientKey); err != nil || !bytes.Equal(md5Sum[:], keyMD5) {
		return key, ErrCustomerKeyMD5Mismatch
	}
	copy(key[:], clientKey)
	return key, nil
}
Replace Minio refs in docs with MinIO and links (#7494) 2019-04-09 14:39:42 -04:00			`// MinIO Cloud Storage, (C) 2015, 2016, 2017, 2018 MinIO, Inc.`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-28 15:47:42 -04:00			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package crypto`

			`import (`
crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-18 13:49:26 -04:00			`"bytes"`
			`"crypto/md5"`
			`"encoding/base64"`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-28 15:47:42 -04:00			`"net/http"`
security: Remove insecure custom headers (#10244) Background: https://github.com/google/security-research/security/advisories/GHSA-76wf-9vgp-pj7w Remove these custom headers from incoming and outgoing requests. 2020-08-11 11:29:29 -04:00
			`xhttp "github.com/minio/minio/cmd/http"`
new package: cmd/crypto (#6062) This commit introduces a new crypto package providing AWS S3 related cryptographic building blocks to implement SSE-S3 (master key or KMS) and SSE-C. This change only adds some basic functionallity esp. related to SSE-S3 and documents the general approach for SSE-S3 and SSE-C. 2018-06-28 15:47:42 -04:00			`)`

add functions to remove confidential information (#6516) This commit adds two functions for removing confidential information - like SSE-C keys - from HTTP headers / object metadata. This creates a central point grouping all headers/entries which must be filtered / removed. See also https://github.com/minio/minio/pull/6489#discussion_r219797993 of #6489 2018-09-24 11:32:51 -04:00			`// RemoveSensitiveHeaders removes confidential encryption`
			`// information - e.g. the SSE-C key - from the HTTP headers.`
			`// It has the same semantics as RemoveSensitiveEntires.`
			`func RemoveSensitiveHeaders(h http.Header) {`
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-22 12:19:32 -05:00			`h.Del(xhttp.AmzServerSideEncryptionCustomerKey)`
			`h.Del(xhttp.AmzServerSideEncryptionCopyCustomerKey)`
security: Remove insecure custom headers (#10244) Background: https://github.com/google/security-research/security/advisories/GHSA-76wf-9vgp-pj7w Remove these custom headers from incoming and outgoing requests. 2020-08-11 11:29:29 -04:00			`h.Del(xhttp.AmzMetaUnencryptedContentLength)`
			`h.Del(xhttp.AmzMetaUnencryptedContentMD5)`
add functions to remove confidential information (#6516) This commit adds two functions for removing confidential information - like SSE-C keys - from HTTP headers / object metadata. This creates a central point grouping all headers/entries which must be filtered / removed. See also https://github.com/minio/minio/pull/6489#discussion_r219797993 of #6489 2018-09-24 11:32:51 -04:00			`}`

crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-18 13:49:26 -04:00			`var (`
			`// SSECopy represents AWS SSE-C for copy requests. It provides`
			`// functionality to handle SSE-C copy requests.`
			`SSECopy = ssecCopy{}`
			`)`

			`type ssecCopy struct{}`

			`// IsRequested returns true if the HTTP headers contains`
			`// at least one SSE-C copy header. Regular SSE-C headers`
			`// are ignored.`
			`func (ssecCopy) IsRequested(h http.Header) bool {`
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-22 12:19:32 -05:00			`if _, ok := h[xhttp.AmzServerSideEncryptionCopyCustomerAlgorithm]; ok {`
crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-18 13:49:26 -04:00			`return true`
			`}`
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-22 12:19:32 -05:00			`if _, ok := h[xhttp.AmzServerSideEncryptionCopyCustomerKey]; ok {`
crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-18 13:49:26 -04:00			`return true`
			`}`
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-22 12:19:32 -05:00			`if _, ok := h[xhttp.AmzServerSideEncryptionCopyCustomerKeyMD5]; ok {`
crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-18 13:49:26 -04:00			`return true`
			`}`
			`return false`
			`}`

crypto: add support for parsing/creating SSE-C/SSE-S3 metadata (#6169) * crypto: add support for parsing SSE-C/SSE-S3 metadata This commit adds support for detecting and parsing SSE-C/SSE-S3 object metadata. With the `IsEncrypted` functions it is possible to determine whether an object seems to be encrypted. With the `ParseMetadata` functions it is possible to validate such metadata and extract the SSE-C/SSE-S3 related values. It also fixes some naming issues. * crypto: add functions for creating SSE object metadata This commit adds functions for creating SSE-S3 and SSE-C metadata. It also adds a `CreateMultipartMetadata` for creating multipart metadata. For all functions unit tests are included. 2018-07-25 16:35:54 -04:00			`// ParseHTTP parses the SSE-C copy headers and returns the SSE-C client key`
crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-18 13:49:26 -04:00			`// on success. Regular SSE-C headers are ignored.`
crypto: add support for parsing/creating SSE-C/SSE-S3 metadata (#6169) * crypto: add support for parsing SSE-C/SSE-S3 metadata This commit adds support for detecting and parsing SSE-C/SSE-S3 object metadata. With the `IsEncrypted` functions it is possible to determine whether an object seems to be encrypted. With the `ParseMetadata` functions it is possible to validate such metadata and extract the SSE-C/SSE-S3 related values. It also fixes some naming issues. * crypto: add functions for creating SSE object metadata This commit adds functions for creating SSE-S3 and SSE-C metadata. It also adds a `CreateMultipartMetadata` for creating multipart metadata. For all functions unit tests are included. 2018-07-25 16:35:54 -04:00			`func (ssecCopy) ParseHTTP(h http.Header) (key [32]byte, err error) {`
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-22 12:19:32 -05:00			`if h.Get(xhttp.AmzServerSideEncryptionCopyCustomerAlgorithm) != xhttp.AmzEncryptionAES {`
crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-18 13:49:26 -04:00			`return key, ErrInvalidCustomerAlgorithm`
			`}`
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-22 12:19:32 -05:00			`if h.Get(xhttp.AmzServerSideEncryptionCopyCustomerKey) == "" {`
crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-18 13:49:26 -04:00			`return key, ErrMissingCustomerKey`
			`}`
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-22 12:19:32 -05:00			`if h.Get(xhttp.AmzServerSideEncryptionCopyCustomerKeyMD5) == "" {`
crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-18 13:49:26 -04:00			`return key, ErrMissingCustomerKeyMD5`
			`}`

refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-22 12:19:32 -05:00			`clientKey, err := base64.StdEncoding.DecodeString(h.Get(xhttp.AmzServerSideEncryptionCopyCustomerKey))`
crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-18 13:49:26 -04:00			`if err != nil \|\| len(clientKey) != 32 { // The client key must be 256 bits long`
			`return key, ErrInvalidCustomerKey`
			`}`
refactor cmd/crypto code for SSE handling and parsing (#11045) This commit refactors the code in `cmd/crypto` and separates SSE-S3, SSE-C and SSE-KMS. This commit should not cause any behavior change except for: - `IsRequested(http.Header)` which now returns the requested type {SSE-C, SSE-S3, SSE-KMS} and does not consider SSE-C copy headers. However, SSE-C copy headers alone are anyway not valid. 2020-12-22 12:19:32 -05:00			`keyMD5, err := base64.StdEncoding.DecodeString(h.Get(xhttp.AmzServerSideEncryptionCopyCustomerKeyMD5))`
crypto: add basic functionality for parsing SSE-C headers (#6148) This commit adds basic support for SSE-C / SSE-C copy. This includes functions for determining whether SSE-C is requested by the S3 client and functions for parsing such HTTP headers. All S3 SSE-C parsing errors are exported such that callers can pattern-match to forward the correct error to S3 clients. Further the SSE-C related internal metadata entry-keys are added by this commit. 2018-07-18 13:49:26 -04:00			`if md5Sum := md5.Sum(clientKey); err != nil \|\| !bytes.Equal(md5Sum[:], keyMD5) {`
			`return key, ErrCustomerKeyMD5Mismatch`
			`}`
			`copy(key[:], clientKey)`
			`return key, nil`
			`}`